Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IOS IDS configuration

from [mc] Network Security [Permanent Link]
Subject: Re: IOS IDS configuration
Date: Tue, 28 Sep 2004 09:30:10 +1000 
Dan Tesch wrote:

Hi, we have the IOSIDS functions enabled in our 2611
and I have read the docs but don't know if I can
disable single lines in the config.

example:

ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Ethernet_0_1 smtp
ip inspect name Ethernet_0_1 ftp
ip inspect name Ethernet_0_1 tcp
ip inspect name Ethernet_0_1 udp
ip inspect name Ethernet_0_1 cuseeme
ip inspect name Ethernet_0_0 tcp
ip inspect name Ethernet_0_0 udp
ip inspect name Ethernet_0_0 cuseeme
ip inspect name Ethernet_0_0 ftp
ip inspect name Ethernet_0_0 h323
ip inspect name Ethernet_0_0 rcmd
ip inspect name Ethernet_0_0 realaudio
ip inspect name Ethernet_0_0 smtp
ip inspect name Ethernet_0_0 streamworks
ip inspect name Ethernet_0_0 vdolive
ip inspect name Ethernet_0_0 sqlnet
ip inspect name Ethernet_0_0 tftp
ip audit notify log
ip audit po max-events 100

these appear to be defaults, if I am not using something like
vdolive, sqlnet, streamworks, realaudio, etc. can I delete the lines?
are there some helpful extra parameters anyone can suggest?

Thanks


Type the line you wish to delete with a 'no' infront of it, should do it.
(eg 'no ip inspect name Ethernet_0_1 ftp')

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PIX failover without using HSRP, steve ruben
Next by Date:  RE: IPTables, Mark E. Donaldson
Previous by Thread:  IOS IDS configuration, Dan Tesch
Next by Thread:  Re: IOS IDS configuration, Dan Tesch
Indexes:  [Date] [Thread] [Top] [All Lists]